A security manager has been working with the executive team on long-range security goals. A primary goal for the team is to improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?
A. Configuring the identities lookup with...

After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?
A. Splunk_DS_ForIndexers.spl
B. Splunk_ES_ForIndexers.spl
C. Splunk_SA_ForIndexers.spl
D. Splunk_TA_ForIndexers.spl
Answer: D
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons

When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
A. indexes.conf, props.conf, transforms.conf
B. web.conf, props.conf, transforms.conf
C. inputs.conf, props.conf, transforms.conf
D. eventtypes.conf, indexes.conf, tags.conf
Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Install/InstallTechnologyAdd-ons

When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
A. $fieldname$
B. “fieldname”
C. %fieldname%
D. _fieldname_
Answer: A
Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch

Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels

How is notable event urgency calculated?
A. Asset priority and threat weight.
B. Alert severity found by the correlation search.
C. Asset or identity risk and severity found by the correlation search.
D. Severity set by the correlation search and priority assigned to the associated asset or identity.
Answer: D...

Adaptive response action history is stored in which index?
A. cim_modactions
B. modular_history
C. cim_adaptiveactions
D. modular_action_history
Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes

To which of the following should the ES application be uploaded?
A. The indexer.
B. The KV Store.
C. The search head.
D. The dedicated forwarder.
Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecuritySHC

Which of the following are data models used by ES? (Choose all that apply)
A. Web
B. Anomalies
C. Authentication
D. Network Traffic
Answer: A,C,D
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?
A. Lookup searches.
B. Summarized data.
C. Security metrics.
D. Metrics store searches.
Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable